Data Protection Policy

This Data Protection Policy outlines how Maybank Singapore Limited and Malayan Banking Berhad, Singapore branch (as the case may be) collects, uses, maintains and discloses your Personal Data. Maybank safeguards your Personal Data in accordance with the Singapore Personal Data Protection Act (No. 26 of 2012) ("the Act"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data. This Data Protection Policy supplements but does not supersede nor replace any other consents which you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use or disclose your Personal Data.

For the avoidance of doubt, this Data Protection Policy forms a part of the terms and conditions governing your relationship with us (“Terms and Conditions”) and should be read in conjunction with those Terms and Conditions.

1. Your consent is important

When you request information or sign up for our products and services, you may be required to provide us with your Personal Data. In doing so, you agree and consent to Maybank Singapore Limited, Malayan Banking Berhad, Singapore Branch and their related corporations (collectively referred to herein as "Maybank", "us", "we" or "our") as well as their respective agents, authorised service providers and relevant third parties collecting, using, disclosing and/or sharing your Personal Data in accordance with this Data Protection Policy.

You have the choice, at any time, not to provide your Personal Data or to withdraw your consent to Maybank processing your Personal Data. However, do note that failure to provide such Personal Data or a withdrawal of your consent for us to process your Personal Data may result in Maybank being unable to provide you with effective and continuous products and services.

If you should withdraw your consent to the processing or handling of your Personal Data in respect of any purpose which we may reasonably consider to be essential in order for us to provide you with the products and/or services requested / applied for, we may not be in a position to continue to provide our products or services to you or administer any contractual relationship which may be in place between us. Furthermore, we shall be entitled to treat such withdrawal as your termination of any account / agreement which you may have with us, without prejudice to any rights and remedies which we may have at law against you.

Notwithstanding the generality of the foregoing and for avoidance of doubt, upon the termination or expiry of your contractual relationship with us (howsoever caused), we may still continue using or disclosing your personal data as may be necessary, required, authorised or permitted for compliance with applicable law or as may be requested by the relevant regulatory bodies, government agencies, statutory boards, administrative bodies, authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes to which we may be subject, whether situated locally or overseas.

2. What types of Personal Data do we collect?

In this Data Protection Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

Examples of such Personal Data you may provide to us may include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.

The Personal Data we collect can be either obligatory or voluntary. Obligatory Personal Data are those that we require in order to provide you with our products and services. If you do not provide us with obligatory Personal Data, we would not be able to provide you with our products and services. Voluntary Personal Data are those that are not mandatory in order for us to provide you with our products and services. If you do not provide us with voluntary Personal Data, you can still sign up for our products and services. Obligatory and voluntary Personal Data differ for each products and services and will be indicated in the application forms.

3. How do we collect your Personal Data?

Generally, we obtain your Personal Data in various ways, such as:

when you submit application forms or other forms relating to any of our products or services;

when you use some of our services (including but not limited to websites, apps and any online accounts established with us);

when you request that we contact you, be included in an email or other mailing list; or when you respond to our request for additional Personal Data, our promotions and other initiatives;

when you sign up for or use one of the many services we provide or when you register an account at any Maybank websites;

when you contact any Maybank entities through various methods such as application forms, emails and letters, telephone calls and conversations you have with our staff in a branch. If you contact us or we contact you using telephone, we may monitor or record the phone call for quality assurance, training and security purposes;

from our analysis of your transactions (including but not limited to payment history, loan, or deposit balances, credit or debit card purchases);

when you participate in customer surveys or when you sign up for any of our competitions or promotions;

when you submit a job application;

when we receive references from business partners and third parties, for example, where you have been referred by them;

when we seek information from third parties about you in connection with your banking products, insurance policies or job applications, for example, from your ex-employer and the relevant authorities;

when CCTVs deployed at our premises capture video and audio recordings and images of you for security purposes; and

when you submit your Personal Data to us for any other reasons.

Personal Data we collect from our websites

IP Address

An IP address is a number that is automatically assigned to your computer when you signed up with an Internet Service Provider. When you visit our website, your IP address is automatically logged in our server. We use your IP address to help diagnose problems with our server, and to administer our website. From your IP address, we may identify the general geographic area from which you are accessing our website however, we will not be able to pinpoint the exact geographic location from which you are accessing our website. Generally, we do not link your IP address to anything that can enable us to identify you unless it is required by applicable laws and regulations.

Information on Cookies

A cookie is an element of data that a website can send to your browser, which may then store it on your system. We use cookies in some of our pages to store visitors' preferences and record session information. The information that we collect is then used to ensure a more personalised service level for our users. You can adjust the settings on your browser so that you will be notified when you receive a cookie, or to disable the cookies associated with our website. Please refer to your browser documentation to check if cookies have been enabled on your computer or to request not to receive cookies. Please note however that you may not be able to enter certain part(s) of our website, and some of the functions and services may not be able to function without cookies. This may also impact your user experience while on our website.

While your privacy is our priority, we cannot guarantee that certain non-sensitive information (e.g. your preferences and favourited articles) won't be accessible by third parties if they correctly key in your email address. They cannot, however, view any account-related information as this site does not ask for nor store such information.

4. What is the purpose of processing your Personal Data?

Generally, Maybank collects, uses and discloses your Personal Data for the following purposes:

responding to your queries and requests;

verifying due diligence checks and the status of your financial standing;

managing the administrative and business operations of Maybank and complying with internal policies and procedures;

facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);

matching any Personal Data held which relates to you for any of the purposes listed herein;

resolving complaints and handling requests and enquiries;

preventing, detecting and investigating crime, including fraud and money-laundering, and analyzing and managing commercial risks;

providing media announcements and responses;

maintaining security of Maybank premises (including but not limited to CCTV surveillance and issuing building access passes);

meeting or complying with any applicable laws, regulations, directives, rules, codes of practice or guidelines issued by any legal or regulatory bodies which Maybank may be subject to, whether local or overseas (including but not limited to disclosures to regulatory bodies, conducting audit checks, surveillance and investigation);

legal purposes (including but not limited to obtaining legal advice and dispute resolution); and

purposes which are reasonably related to the aforesaid.

In addition:If you are retail banking or private wealth customer (which includes Personal Banking, Private Wealth, Premier Wealth, Privilege Wealth and Islamic Banking), hire purchase customer, or a mandatee of such customers, Maybank also collects, uses and discloses your Personal Data for the following purposes:

assessing your application for any of our products and services and the verification of your financial standing through credit checks;opening or continuation of accounts and establishing or providing banking services and facilitating the continuation or termination of the banking relationship (including but not limited to account maintenance and account closure);

providing you with the products and services which you have requested, including administering credit and debit cards (including but not limited to processing card applications, administering loyalty programmes, card replacement and cancellation, transactions and credit limit approvals), cheque deposits and issuance services and the provision of loans and overdraft facilities (including but not limited to the evaluation of credit risks and enforcement of repayment obligations); and

any other purpose reasonably related to any of the above.

Where permitted under the terms of the agreement which you have entered into with us and as part of the services which we provide to you, we may from time to time and at our discretion also use your contact particulars (including your phone number and email address) to contact you in order to provide you with information and/or updates which you are entitled to receive in connection with your portfolio and / or in accordance with the terms and conditions of our agreement with you on products, services or investment opportunities.

If you are the owner, chairman, director, employee, mandatee, or guarantor of an organisation that is a SME - Retail, Small Medium Enterprises (RSME) Banking or Commercial Banking or Global Banking customer (which includes Islamic banking customers), Maybank also collects, uses and discloses your Personal Data for the following purposes:

opening or continuation of accounts and establishing or providing banking services;

facilitating the continuation or termination of the banking relationship (including but not limited to account maintenance and account closure);

facilitating the daily operation of the services and credit facilities;

facilitating the daily operation of the services and credit facilities;

facilitating the transfer of funds within Maybank banking accounts or from Maybank banking accounts to external banking accounts and vice versa;

ensuring the ongoing credit worthiness of customers;

networking to maintain customer relationship;

legal purposes (including but not limited to obtaining legal advice and dispute resolution);

providing you with the products and services which you have requested, including administering credit and debit cards (including but not limited to processing card applications, administering loyalty programmes, card replacement and cancellation, transactions and credit limit approvals), cheque deposits and issuance services and the provision of loans and overdraft facilities (including but not limited to the evaluation of credit risks and enforcement of repayment obligations); and

any other purpose reasonably related to any of the above.

If you use any of Maybank’s online services (including internet and mobile banking customers, Certificate of Entitlement bidders or users of social media platforms who have reached out to Maybank), Maybank also collects, uses and discloses your Personal Data for the following purposes:

opening or continuation of accounts and establishing or providing banking services;

facilitating the continuation or termination of the banking relationship (including but not limited to account maintenance, and account closure);

providing client servicing (including but not limited to providing business support needs, transfers, balance inquiries); and

any other purpose reasonably related to any of the above.

If you are a counterparty to a transaction (for example, a beneficiary of a fund transfer or payment), Maybank also collects, uses and discloses your Personal Data for the following purposes:

providing cash and transactional services; and

any other purpose reasonably related to any of the above.

If you are a party providing referrals to Maybank under one of our referral programmes, Maybank also collects, uses and discloses your Personal Data for the following purposes:

processing payment of referral fees; and

any other purpose reasonably related to any of the above.

If you are a guarantor for a loan, Maybank also collects, uses and discloses your Personal Data for the following purposes:

processing loan applications;

providing loans and overdraft facilities (including but not limited to the evaluation of credit risks and enforcement of repayment obligations); and

any other purpose reasonably related to any of the above.

If you are a tenant of Maybank Tower, Maybank also collects, uses and discloses your Personal Data for the following purposes:

issuing building access pass and maintaining building security;

facilitating the leasing of properties (including but not limited to liaising with lawyers and preparing tenancy agreements);

administrating the lease of properties (including but not limited to handing and taking over of properties and processing of payments);

facilitating the continuation or termination of the leasing relationship (including but not limited to maintenance of tenant records and processing tenancy renewals); and

any other purpose reasonably related to any of the above.

If you are an employee of an external service provider of Maybank, Maybank also collects, uses and discloses your Personal Data for the following purposes:

issuing building access pass and maintaining building security;

managing project tenders;

processing and payment of vendor invoices;

profiling in media activities; and

any other purpose reasonably related to any of the above.

If you submit an application to us as a candidate for an employment or representative position, Maybank also collects, uses and discloses your Personal Data for the following purposes:

providing or obtaining employee references and for background screening;

evaluating and assessing your suitability for the position applied for; and

any other purposes reasonably related to any of the above.

Where permitted under the Act, Maybank may also collect, use and disclose your Personal Data as follows:

administering bancassurance products (including but not limited to the maintenance, management and operation of the products and services, communication with policy holders, and processing of any claims and payments arising under the respective policies);

providing cross-referrals to other members of the Maybank;

conducting analytics with regard to products and services which you might be interested in;

administering contests, lucky draws and competitions;

organising promotional events and corporate social responsibility projects (including but not limited to taking pictures and recording your video/audio feedback and testimony in relation thereto);

providing services, products and benefits to you, including promotions, loyalty and reward programmes;

matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of products and services, whether by Maybank or other third parties;

sending you details of products, services, special offers and rewards, either to our customers generally, or which we have identified may be of interest to you (including but not limited to cross selling and telemarketing); and

conducting market research, understanding and determining customer location, preferences and demographics for us to review, develop and improve our products, services and also develop special offers and marketing programmes.

If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, Maybank may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services (including discounts and special offers).

In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found below.

Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, we will require some time to process your withdrawal request. During this period of time you may still receive marketing or promotional materials/communication. Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the accounts, facilities or services that you hold or have subscribed to with Maybank.

5. To whom do we disclose your Personal Data?

Your Personal Data held by us shall be kept confidential. However, in order to provide you with effective and continuous products and services, and for the purposes listed above (where applicable), your Personal Data may be disclosed to the following parties:

entities within the Maybank group, including Malayan Banking Berhad and any of its branches, representatives offices, subsidiaries, related corporations and affiliates;

agents, contractors or third party service providers who provide operational services to Maybank, such as courier services, telecommunications, information technology, payment, payroll, processing, training, survey, market research, storage, archival or other services to Maybank;

vendors and other third party service providers in connection with promotions, online campaigns, products and services offered by Maybank;

credit bureaus and credit reporting agencies;

any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);

other financial institutions, external banks, credit card companies and their respective service providers;

our professional advisers such as financial advisors, auditors and lawyers;

relevant regulatory bodies, government agencies, statutory boards, administrative bodies, authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes to which Maybank may be subject, whether situated locally or overseas;

counterparties, billing organisations and their respective banks in relation to fund transfers, payments and drawing of cheques;

surveyors or valuers in relation to loan facilities like mortgages;

the Land Transport Authority in relation to Certificate of Entitlement open bidding services;

collection and repossession agencies in relation to the enforcement of repayment obligations for loans;

external business, referral and charity partners in relation to the marketing and promotion of products, banking privileges, gift redemptions, loans and corporate promotional events; and

any other party to whom you authorise us to disclose your Personal Data to.

6. How do we protect your data?

The security of your Personal Data is our priority. Maybank takes all physical, technical and organisational measures needed to ensure the security and confidentiality of Personal Data. We protect your information in a highly secure data centre, adhering to strict computer security standards. We have put in place, privacy protection control systems designed to ensure that our customers' information remain safe, secure and private. For more information on our security measures, please refer to our security statement.

Employee access is only limited to authorised employees who are fully trained in handling your information. These authorised personnel are required to ensure the confidentiality of your information and to respect your privacy at all times. Employees who have access to your information will be subjected to disciplinary action should they fail to observe this Data Protection Policy and other guidelines, codes or policies which we may issue to them from time to time.

If we disclose any of your Personal Data to our authorised agents or service providers, we will require them to appropriately safeguard the Personal Data provided to them.

7. How long may we retain your Personal Data?

We will only retain your Personal Data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements.

8. Changes to this Data Protection Policy

Please note that we may update this Data Protection Policy from time to time to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. If there are material changes to this Data Protection Policy, we will notify you by posting a notice of such changes on our website or by sending you a notification directly. Do periodically review this Data Protection Policy to stay informed on how we are protecting and managing your information.

Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy.

This Data Protection Policy was last updated in November 2018.

9. Access and correction of your Personal Data

You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested / applied for.

We are committed to ensure that the Personal Data we hold about you is accurate, complete, and up-to-date. If there are any changes to your Personal Data or if you believe that the Personal Data we have about you is inaccurate, incomplete, misleading or not up-to-date, please contact us so that we may take steps to update your Personal Data.

You have the right to access your Personal Data. If you would like to request access to your Personal Data, please contact us. Please note that depending on the information requested we may charge a small fee. We may also take steps to verify your identity before fulfilling your request for access to your Personal Data.

10. How can you contact us?

f you need to contact us, you may visit any of our branches, call our Customer Relationship Executives on 1800-MAYBANK (1800-629 2265) or (65) 6533 5229(65) 6533 5229 (Overseas) or visit us at www.maybank2u.com.sg. For corporate customers, you may contact your relationship manager directly.

Alternatively, you may also write to our Data Protection Officer as follows: